1. Field of the Invention
Apparatuses and methods consistent with the present invention relates to protecting information stored in a storage medium, such as a flash memory, and more particularly, to protecting important data information stored in a storage from an unauthorized access.
2. Description of the Related Art
In general, personal computers, personal digital assistants (PDAs), wireless terminals, and digital televisions (DTVs) can use a virtualization technology to ensure security and to provide various applications and services. In the virtualization technology, functions, such as secure booting, secure software, and access control, are needed to provide a secure environment. As a core technology for providing these functions, a storage security system for protecting important data information stored in a storage medium, such as a hard disk or a flash memory, from an unauthorized access and for limiting the use of the storage by different users has been developed.
FIG. 1 is a block diagram illustrating the structure of a system for protecting data information stored in a storage medium according to the related art, and FIG. 2 is a diagram schematically illustrating an information access restricting region of the data-information protecting system according to the related art.
As shown in FIGS. 1 and 2, the system includes a driver/control domain 31 that can directly access a memory (storage) 20 and a general domain 32 that can access the memory 20 through the driver/control domain 31, in an environment using a virtual machine monitor (VMM) 10.
The driver/control domain 31 can access both a driver/control domain using region (a) and a general domain using region (b), and the general domain 32 can access only the general domain using the region (b).
However, in the system, the different setting of the access regions enables the driver/control domain 31 to access a kernel stored in the general domain using region (b) as well as important information data, such as the VMM 10, a security key, and a driver/control domain kernel, which results in weak protection of important information stored in the storage.
In order to perform security booting, it is necessary to check whether the hardware, the VMM 10, and the kernel are changed in this order. However, since the VMM 10, the kernel, and the boot loader are exposed to general users or viruses, they are likely to be changed, thus making it difficult to perform secure booting for ensuring a secure environment.
Further, in the related art, there is a risk that important information data codes will be changed due to malicious software such as a virus. That is, when all the data, such as the kernel, a device driver, security policies, and a master key, is exposed to general users, the data is likely to be changed due to virus. For example, if a keyboard driver is changed due to a virus, data input by the user, for example, an identifier (ID) or a password, may be transmitted to other persons.
Furthermore, an unauthorized user may change commercial codes or data, such as digital rights management (DRM). That is, the unauthorized user can easily access all the data, such as the VMM 10, the security policies, and the master key, and acquire data to be protected by, for example, DRM using a crack program, which may also have an adverse effect on commercial service providers, such as MP3 service providers.